[e-lang] Unsafe code in capability languages
David Hopwood
david.nospam.hopwood at blueyonder.co.uk
Tue Aug 29 16:17:42 CDT 2006
I wrote:
> [...] But the example should
> probably be written something like this instead (tested code, for a change):
>
> ----
> #!/usr/bin/env rune
>
> def helloWorld
> def javaStdout := <unsafe:java.lang.System>.getOut()
> def stdout {
> to println(text :String) :void {
> # gack, PrintStream.println is overloaded
> E.call(javaStdout, "println(String)", ["HelloWorld: " + text])
> }
> }
> helloWorld(stdout)
>
> # In a real app, the above code would be the "powerbox", and the main program
> # below would be in a different module.
>
> bind helloWorld(stdout) :void {
> stdout.println("Hello, World!")
> }
> ----
Well, I thought I'd tested it, but I'd actually forgotten to press save and
tested the previous version. The above code won't work because 'helloWorld'
is called before it is bound (and also because 'stdout' is predefined in the
privileged scope). Here's a working version:
----
#!/usr/bin/env rune
def javaStdout := <unsafe:java.lang.System>.getOut()
def std_out {
to println(text :String) :void {
# This is a neater way to call overloaded methods.
javaStdout."println(String)"("HelloWorld: " + text)
}
}
# In a real app, the above code would be the "powerbox", and the main program
# below would be in a different module.
def helloWorld(out) :void {
out.println("Hello, World!")
}
# This is logically part of the powerbox:
helloWorld(std_out)
----
... and now I'm even less clear on what is the best practice for writing
single-file E scripts where trusted code is clearly separated from untrusted
code.
Incidentally, the JVM (1.5.0-beta-b32c on Windows XP) crashed with an access
violation the first time I tried to run this. Not reproducible, but not
exactly inspiring of confidence in Java as a base platform for E :-(
--
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
More information about the e-lang
mailing list